[ADD] review mods 1

gfcapalbo · gfcapalbo · commit 82e6001a2bec · 2022-05-06T17:43:52.000+02:00
diff --git a/auditlog_security/__manifest__.py b/auditlog_security/__manifest__.py
@@ -2,12 +2,14 @@
 # License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
 
 {
-    "name": "Audit Log Permissions",
+    "name": "Audit Log User Permissions",
     "version": "11.0.1.0.0",
     "author": "Therp B.V.,Odoo Community Association (OCA)",
     "license": "AGPL-3",
     "website": "https://github.com/OCA/server-tools/",
     "category": "Tools",
+    "description": """Allow regular users to view Audit log lines 
+                   via the form view of the relevant model""",
     "depends": [
         "auditlog",
         "contacts",
diff --git a/auditlog_security/models/__init__.py b/auditlog_security/models/__init__.py
@@ -1,5 +1,6 @@
 # License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
 
 from . import auditlog_rule
+from . import auditlog_line_access_rule
 from . import ir_rule
 from . import auditlog_autovacuum
diff --git a/auditlog_security/models/auditlog_autovacuum.py b/auditlog_security/models/auditlog_autovacuum.py
@@ -8,7 +8,7 @@ class AuditlogAutovacuum(models.TransientModel):
     _inherit = "auditlog.autovacuum"
 
     @api.model
-    def autovaccum(self, days):
+    def autovacuum(self, days):
         return super(
             AuditlogAutovacuum, self.with_context(auditlog_write=True)
         ).autovacuum(days=days)
diff --git a/auditlog_security/models/auditlog_line_access_rule.py b/auditlog_security/models/auditlog_line_access_rule.py
@@ -0,0 +1,102 @@
+# Copyright 2021 Therp B.V.
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
+
+from odoo import exceptions, models, fields, api, modules, _
+from odoo.addons.auditlog.models.rule import FIELDS_BLACKLIST
+
+
+class AuditlogLineAccessRule(models.Model):
+    _name = "auditlog.line.access.rule"
+
+    name = fields.char()
+
+    field_ids = fields.Many2many(
+        "ir.model.fields"
+    )
+    group_ids = fields.Many2many(
+        "res.groups",
+        help="""Groups that will be allowed to see the logged fields, if left empty 
+                default will be all users with a login""",
+    )
+    model_id = fields.Many2one(
+            'ir.model', related='auditlog_rule_id.model_id', readonly=True)
+    auditlog_rule_id = fields.Many2one(
+            'auditlog.rule', 'auditlog_access_rule_ids',
+            readonly=True, ondelete='cascade'
+    )
+
+    def needs_rule(self):
+        self.ensure_one()
+        return bool(self.group_ids)
+
+    def get_linked_rules(self):
+        # return with context key so that deletion will not be forbidden
+        return self.env["ir.rule"].search(
+            [("auditlog_line_access_rule_id", "in", self.ids)])
+        
+    def get_field_ids_domain(self):
+        """note this solution will work only with a hardcoded design of models,
+        because on initialization , self.model_id.id still is not defined.
+        for now, to keep generality we put the filtering in the view."""
+        return [
+            ("model_id", "=", self.env.ref("base.model_res_partner").id),
+            ("name", "not in", FIELDS_BLACKLIST),
+        ]
+
+    def unlink(self):
+        to_delete = self.get_linked_rules()
+        res = super(AuditlogLineAccessRule, self).unlink()
+        if res:
+            res = res and to_delete.with_context(auditlog_write=True).unlink()
+        return res
+
+    def add_default_group_if_needed(self):
+        self.ensure_one()
+        res = False
+        if not self.group_ids and self.field_ids:
+            res = self.with_context(no_iter=True).write(
+                {"group_ids": [(6, 0, [self.env.ref("base.group_user").id])]})
+        return res
+
+    @api.model
+    def create(self, vals):
+        res = super(AuditlogLineAccessRule, self).create(vals)
+        res.add_default_group_if_needed()
+        if res.needs_rule():
+            res.generate_rules()
+        return res
+
+    @api.multi
+    def write(self, vals):
+        res = super(AuditlogLineAccessRule, self).write(vals)
+        for this in self: 
+            added = this.add_default_group_if_needed()
+            if any([x in vals for x in ("group_ids", "field_ids", "model_id", "all_fields")]) or added:
+                if this.needs_rule():
+                    this.generate_rules()
+                else:
+                    this.get_linked_rules().with_context(auditlog_write=True).unlink()
+        return res
+
+    def generate_rules(self):
+        old_rule = self.env["ir.rule"].search([("auditlog_line_access_rule_id", "=", self.id)], limit=1)
+        values = self._prepare_rule_values()
+        if old_rule:
+            old_rule.with_context(auditlog_write=True).write(values)
+        else:
+            self.with_context(auditlog_write=True).env["ir.rule"].create(values)
+
+    def _prepare_rule_values(self):
+        domain_force = "[" + " ('aulditlog_rule_id.log_id.model_id' , '=', %s)," % (self.model_id.id)
+        if self.field_ids:
+            domain_force += "('field_id', 'in',  %s)" % (self.field_ids.ids)
+        domain_force += "]"
+        return {
+            "name": "auditlog_extended_%s" % self.id,
+            "model_id": self.env.ref("auditlog.model_auditlog_log_line").id,
+            "groups": [(6, 0, self.group_ids.ids)],
+            "perm_read": True,
+            "domain_force": domain_force,
+            "auditlog_line_access_rule_id": self.id,
+        }
+
diff --git a/auditlog_security/models/auditlog_rule.py b/auditlog_security/models/auditlog_rule.py
@@ -8,100 +8,27 @@
 class AuditlogRule(models.Model):
     _inherit = "auditlog.rule"
 
-    field_ids = fields.Many2many(
-        "ir.model.fields"
-    )
-    group_ids = fields.Many2many(
-        "res.groups",
-        help="""Groups that will be allowed to see the logged fields, if left empty 
-                default will be all users with a login""",
+    auditlog_line_access_rule_ids = fields.One2many(
+            'auditlog.line.access.rule' , 'auditlog_rule_id',
+            ondelete='cascade'
     )
 
     @api.onchange("model_id")
     def onchange_model_id(self):
         # if model changes we must wipe out all field ids
-        self.field_ids = False
-
-    def needs_rule(self):
-        self.ensure_one()
-        return bool(self.group_ids) 
-
-    def get_linked_rules(self):
-        # return with context key so that deletion will not be forbidden
-        return self.with_context(auditlog_write=True).env["ir.rule"].search(
-            [("auditlog_id", "in", self.ids)])
-        
-    def get_field_ids_domain(self):
-        """note this solution will work only with a hardcoded design of models,
-        because on initialization , self.model_id.id still is not defined.
-        for now, to keep generality we put the filtering in the view."""
-        return [
-            ("model_id", "=", self.env.ref("base.model_res_partner").id),
-            ("name", "not in", FIELDS_BLACKLIST),
-        ]
+        self.auditlog_line_access_rule_ids.unlink()
 
+    @api.multi
     def unlink(self):
-        # if we delete auditlog rule, corresponding ir.rules are removed
-        # TODO PROPOSAL: a warning here with detailed information?
-        to_delete = self.get_linked_rules()
+        lines =  self.mapped('auditlog_line_access_rule_ids')
         res = super(AuditlogRule, self).unlink()
         if res:
-            res = res and to_delete.unlink()
-        return res
-
-    def add_default_group_if_needed(self):
-        self.ensure_one()
-        res = False
-        if not self.group_ids and self.field_ids:
-            # if group has been removed and no group specified ad base user default
-            res = self.with_context(no_iter=True).write(
-                {"group_ids": [(6, 0, [self.env.ref("base.group_user").id])]})
-        return res
-
-    @api.model
-    def create(self, vals):
-        res = super(AuditlogRule, self).create(vals)
-        res.add_default_group_if_needed()
-        if res.needs_rule():
-            res.generate_rules()
+            lines.unlink()
         return res
 
-    @api.multi
-    def write(self, vals):
-        res = super(AuditlogRule, self).write(vals)
-        for this in self: 
-            added = this.add_default_group_if_needed()
-            if any([x in vals for x in ("group_ids", "field_ids", "model_id", "all_fields")]) or added:
-                if this.needs_rule():
-                    this.generate_rules()
-                else:
-                    this.get_linked_rules().unlink()
-        return res
-
-    def generate_rules(self):
-        old_rule = self.env["ir.rule"].search([("auditlog_id", "=", self.id)], limit=1)
-        values = self._prepare_rule_values()
-        if old_rule:
-            old_rule.with_context(auditlog_write=True).write(values)
-        else:
-            self.with_context(auditlog_write=True).env["ir.rule"].create(values)
-
-    def _prepare_rule_values(self):
-        domain_force = "[" + " ('log_id.model_id' , '=', %s)," % (self.model_id.id)
-        if self.field_ids:
-            domain_force += "('field_id', 'in',  %s)" % (self.field_ids.ids)
-        domain_force += "]"
-        return {
-            "name": "auditlog_extended_%s" % self.id,
-            "model_id": self.env.ref("auditlog.model_auditlog_log_line").id,
-            "groups": [(6, 0, self.group_ids.ids)],
-            "perm_read": True,
-            "domain_force": domain_force,
-            "auditlog_id": self.id,
-        }
-
     @api.multi
     def subscribe(self):
+        super(AuditlogRule, self).subscribe()
         act_window_model = self.env['ir.actions.act_window']
         for rule in self:
             domain = "[('log_id.model_id', '=', %s), ('log_id.res_id', '=', active_id)]" % (
@@ -116,3 +43,4 @@ def subscribe(self):
             act_window = act_window_model.sudo().create(vals)
             rule.write({'state': 'subscribed', 'action_id': act_window.id})
         return True
+        
diff --git a/auditlog_security/models/ir_rule.py b/auditlog_security/models/ir_rule.py
@@ -7,10 +7,11 @@
 class IrRule(models.Model):
     _inherit = "ir.rule"
 
-    auditlog_id = fields.Many2one(
-        "auditlog.rule",
+    auditlog_line_access_rule_id = fields.Many2one(
+        "auditlog.access.line.rule",
         required=False,
-        help="Auditlog Rule that generated this ir.rule",
+        index=True,
+        help="Auditlog line access Rule that generated this ir.rule",
     )
 
     @api.model
@@ -30,14 +31,14 @@ def create(self, values):
     @api.multi
     def write(self, vals):
         if "auditlog_id" in vals and not self.env.context.get("auditlog_write"):
-            raise exceptions.ValidationError(_("""Cannot change auditlog_id"""))
+            raise exceptions.ValidationError(_("""Cannot change auditlog_access_line_rule"""))
         return super(IrRule, self).write(vals)
 
     @api.multi
     def unlink(self):
         auditlog_write = self.env.context.get("auditlog_write")
         for this in self:
-            if this.auditlog_id and not auditlog_write:
+            if this.auditlog_line_access_rule_id and not auditlog_write:
                 raise exceptions.ValidationError(
                     _(
                         """
diff --git a/auditlog_security/security/ir.model.access.csv b/auditlog_security/security/ir.model.access.csv
@@ -1,3 +1,4 @@
 id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
 access_auditlog_log_line_user,auditlog_log_line_user,model_auditlog_log_line,base.group_user,1,0,0,0
 access_auditlog_log_user,auditlog_log_user,model_auditlog_log,base.group_user,1,0,0,0
+access_auditlog_line_access_rule_admin,auditlog_line_access_rule_admin,model_auditlog_line_access_rule,base.group_system,1,1,1,1
diff --git a/auditlog_security/static/description/index.html b/auditlog_security/static/description/index.html
diff --git a/auditlog_security/views/auditlog_view.xml b/auditlog_security/views/auditlog_view.xml
diff --git a/maintainer-tools b/maintainer-tools
